I have to create a Netgate account to download pfSense? Urgh.
Mini intro to pfSense , versions and installer types.Two or three years ago - Netgate abandoned the "One image fits all" , and decided to make a
Plus version that is subscription $$ based.
The "fancy" features like hw accelaration etc. just goes into the plus version now.
They old free version was named
CE (Communty edition).
Netgate stated they would still support the CE, but new fancy features for CE had to be community driven.
For home/soho users CE would mostly be adequate.
PlusSubscription version w. limited intall support - Has more features than the CE (Free) version.
Support some datacenter options (DCO) , and gets updated more frequently than CE.
CE - Community Edition
Free , support via forum/friends
Long time between new releases - Almost 2 years between 2.7.2 and the new 2.8.0
AFAIK there has been no major security issues on the CE version , in the two year period between releases. (That couldn't be solved via system_patches)
https://nvd.nist.gov/vuln/search/results?form_type=Basic&results_type=overview&query=pfsense&search_type=all&isCpeNameSearch=falseAlways install the latest
System_Patches package , and install the patches it suggests
Install/Download:In their (IMHO lack of) Infinite visdom Netgate has switched from a
full downloadable install image.
To an "Installer image", that boots up an installer , and requires registration and "online/internet" connection to install the final version.
IMHO that is a BIG mistake.
But Netgate uses this way to install the PLUS version, and says CE has to follow same way (no extra testing/cost)
Last full image DL You can download the old "almost current." 2.7.2 CE edition here wo. registration.
https://atxfiles.netgate.com/mirror/downloads/Always check the validity on any OS downloads , and especially firewall sw.
This is my saved sha256 for the 2.7.2 series for reference
2.7.2 sha256 sums
Memstick Serial
bc3ee3d82b8195387114a64c3398505f238a6cb5393ae9b2d45d1bf9408ed192
Memstick VGA
7c68b40c02f06f17146e2f1d5899e2f4a2bcfd98803f06fef8ecf3e2d0f63dcb
ISO
883fb7bc64fe548442ed007911341dd34e178449f8156ad65f7381a02b7cd9e4
You should not even trust my list above, but download both the xxxx.gz and the xxxx.gz.sha256 (sum file)
Now calculate the sha256sum of the downloaded xxxx.gz
MS Win can do it with this built-in program.
certutil -hashfile xxxx.gz sha256Compare the calculated sha256 with the value in the downloaded xxxx.gz.sha256 file.
The "Old full image" downloadable installer, came in 3 flavours (see above).
memstick = usb stick image.
memstick .... VGA based installer - You have srcreen/kbd attached to pc
memstick serial .... serial based installer - You have a serial connection to the box
ISO ... requires a cd/dvd drive
pfSense is FreeBSD , and can sometimes be picky w. hw.
Especially "netcards" ... FreeBSD drivers
(pfSense) "loves" Intel netcardsPre 2.6.x - Using realtek was a painfull experience ... Even "don't"
Upgrading pfSense:pfSense has a nice reputation of being able to import an older configuration , and convert it to current wo. any issues.
That makes it easy to ie. download the 2.7.2 "full image" and upgrade to current 2.8.0 (online)
Downgras is not (officially) supported.
Using a newer config (like from plus), on an older version like (CE) - Is not guaranteed to work.
I'm still considering a switch to OPNsense, would offer same features (maybe even PLUS like features too), and more frequent updates.
But they have previously (i checked two years ago) has some unfortunate updates, that affected stability.
If the quality of the updates has been fixed, i will seriously reconsider...
But for now i have been staying with pfSense CE.
Home
Help
Search
Login
Register
